Search Guard configuration with x-pack monitoring and Kibana

Issue:

We have followed the setup instructions provided as per https://floragunncom.github.io/search-guard-docs/x_pack_monitoring.html

But search Guard plugin for Kibana is throwing out an error:

log [05:58:43.063] [error][reporting] Error: cluster ‘security’ already exists;

at Object.create [as createCluster] (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/src/core_plugins/elasticsearch/lib/create_clusters.js:26:15)

at exports.getClient.server (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/server/lib/get_client_shield.js:6:48)

at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7363:25

at getUserFn (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/get_user.js:5:33)

at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/once_per_server.js:24:15

at memoized (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7912:27)

at authorizedUserPreRoutingFn (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/authorized_user_pre_routing.js:8:19)

at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/once_per_server.js:24:15

at memoized (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7912:27)

at main (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/routes/main.js:22:36)

at _phantom.phantom.install.then.phantomPackage (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/index.js:113:13)

log [05:58:43.063] [error][reporting] undefined

log [05:58:43.069] [fatal] TypeError: Cannot read property ‘code’ of undefined

at _phantom.phantom.install.then.catch.err (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/index.js:126:47)

Why is search guard plugin trying to create a new cluster for security?

Attached are the configuration files.

Config highlights:

in elasticsearch.yml

xpack.security.enabled: false
xpack.monitoring.enabled: true

xpack.monitoring.exporters:
id1:
type: http
host: [“http://127.0.0.1:9200”]
auth.username: admin
auth.password: admin
ssl:
truststore.path: truststore.jks
truststore.password: changeit

searchguard.ssl.http.enabled: false

``

in kibana.yml

xpack.monitoring.enabled: true
xpack.security.enabled: false

elasticsearch.ssl.verificationMode: none

elasticsearch.url: “http://localhost:9200

elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”

searchguard.basicauth.enabled: true
searchguard.cookie.secure: true
searchguard.cookie.name: “searchguard_authentication”
searchguard.cookie.password: “searchguard_cookie_default_password”
searchguard.cookie.ttl: 7200000
searchguard.session.ttl: 7200000
searchguard.session.keepalive: true

elasticsearch.requestHeadersWhitelist: [ “authorization”, “sg_tenant”, “x-forwarded-for”, “x-forwarded-by”, “x-proxy-user”, “x-proxy-roles” ]

searchguard.basicauth.login.showbrandimage: true

xpack.security.enabled: false
xpack.monitoring.enabled: true

``

in sg_config.yml

searchguard:
dynamic:
authc:
kibana_auth_domain:
enabled: true
order: 2
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: internal

``

in sg_roles.yml

sg_kibana_server:
cluster:
- CLUSTER_MONITOR
- CLUSTER_COMPOSITE_OPS
- cluster:admin/xpack/monitoring/bulk*
- cluster:admin/xpack/monitoring*
- cluster:security/*
indices:
’:
'
’:
- ALL

``

Version details:

Elastic search version: 5.6.0

Kibana version: 5.6.0

x-pack version: 5.6.0

Search Guard version: 5.6.0-16

Search Guard Kibana plugin Multitenancy 5.6.0-4

java version "1.8.0_152"

elasticsearch.yml (3.62 KB)

sg_action_groups.yml (1.48 KB)

sg_config.yml (9.57 KB)

sg_internal_users.yml (1.33 KB)

sg_roles_mapping.yml (1013 Bytes)

sg_roles.yml (6.26 KB)

kibana.yml (5.34 KB)

duplicate of https://github.com/floragunncom/search-guard-kibana-plugin/issues/43

···

On Wednesday, 22 November 2017 15:48:40 UTC+1, sri…nath@…gmail.com wrote:

Issue:

We have followed the setup instructions provided as per https://floragunncom.github.io/search-guard-docs/x_pack_monitoring.html

But search Guard plugin for Kibana is throwing out an error:

log [05:58:43.063] [error][reporting] Error: cluster ‘security’ already exists;

at Object.create [as createCluster] (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/src/core_plugins/elasticsearch/lib/create_clusters.js:26:15)
at exports.getClient.server (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/server/lib/get_client_shield.js:6:48)
at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7363:25
at getUserFn (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/get_user.js:5:33)
at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/once_per_server.js:24:15
at memoized (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7912:27)
at authorizedUserPreRoutingFn (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/authorized_user_pre_routing.js:8:19)
at /Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/lib/once_per_server.js:24:15
at memoized (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/node_modules/lodash/index.js:7912:27)
at main (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/server/routes/main.js:22:36)
at _phantom.phantom.install.then.phantomPackage (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/index.js:113:13)

log [05:58:43.063] [error][reporting] undefined

log [05:58:43.069] [fatal] TypeError: Cannot read property ‘code’ of undefined

at _phantom.phantom.install.then.catch.err (/Users/sriharsr/kibana-5.6.0-darwin-x86_64/plugins/x-pack/plugins/reporting/index.js:126:47)

Why is search guard plugin trying to create a new cluster for security?

Attached are the configuration files.

Config highlights:

in elasticsearch.yml

xpack.security.enabled: false
xpack.monitoring.enabled: true

xpack.monitoring.exporters:
id1:
type: http
host: [“http://127.0.0.1:9200”]
auth.username: admin
auth.password: admin
ssl:
truststore.path: truststore.jks
truststore.password: changeit

searchguard.ssl.http.enabled: false

``

in kibana.yml

xpack.monitoring.enabled: true
xpack.security.enabled: false

elasticsearch.ssl.verificationMode: none

elasticsearch.url: “http://localhost:9200

elasticsearch.username: “kibanaserver”
elasticsearch.password: “kibanaserver”

searchguard.basicauth.enabled: true
searchguard.cookie.secure: true
searchguard.cookie.name: “searchguard_authentication”
searchguard.cookie.password: “searchguard_cookie_default_password”
searchguard.cookie.ttl: 7200000
searchguard.session.ttl: 7200000
searchguard.session.keepalive: true

elasticsearch.requestHeadersWhitelist: [ “authorization”, “sg_tenant”, “x-forwarded-for”, “x-forwarded-by”, “x-proxy-user”, “x-proxy-roles” ]

searchguard.basicauth.login.showbrandimage: true

xpack.security.enabled: false
xpack.monitoring.enabled: true

``

in sg_config.yml

searchguard:
dynamic:
authc:
kibana_auth_domain:
enabled: true
order: 2
http_authenticator:
type: basic
challenge: true
authentication_backend:
type: internal

``

in sg_roles.yml

sg_kibana_server:
cluster:
- CLUSTER_MONITOR
- CLUSTER_COMPOSITE_OPS
- cluster:admin/xpack/monitoring/bulk*
- cluster:admin/xpack/monitoring*
- cluster:security/*
indices:
’:
'
’:
- ALL

``

Version details:

Elastic search version: 5.6.0

Kibana version: 5.6.0

x-pack version: 5.6.0

Search Guard version: 5.6.0-16

Search Guard Kibana plugin Multitenancy 5.6.0-4

java version "1.8.0_152"